IT Security News Blast 8-8-2017

Following up on the Task Force’s recommendation to provide health care officials with the knowledge and tools to manage cybersecurity threats, on July 25, 2017, the HHS Office for Civil Rights (“OCR”) launched a revised web tool, the HIPAA Breach Reporting Tool (“HBRT”). The HBRT helps individuals identify recent breaches of health information and learn how such breaches should be investigated and properly resolved.

“The primary reason zero-trust makes so much sense today is that our networks no longer have an outside,” Pollard explained. “The perimeter has disappeared and organizations of all sizes have multiple third-party connections, data-sharing agreements, hybrid cloud deployments and remote users. Relying on a model that assumes if you are inside the network you must be OK is a recipe for disaster.”

Kim Jones, director of the cybersecurity education consortium at Arizona State University, outlined four attributes security professionals must possess and continue to perfect. The first, he said, is a high level of technical skills, as both the technology and the threats against the technology continue to evolve. The second is excellent critical thinking skills, he said, going beyond simple problem-solving and getting to an ability to truly “see” the “three-level chessboard” and maneuver on it masterfully.

The most common threats seen among businesses were phishing (72%), spyware (50%), ransomware (49%), and Trojans (47%). Phishing caused the greatest damage. Few respondents face zero-day threats; 76% said less than 10% of significant threats they faced were zero-days. “Today’s threats predominately leverage the same old vulnerabilities and techniques[.]”

By increasing regular examination of regulated entities, such as broker dealers and investment advisers, these entities will likely have more direct oversight and scrutiny of their information security programs. In addition, direct regulatory oversight of financial institutions subject to the SEC’s jurisdiction, and broader scrutiny of public companies and their security breach-related disclosures, seems probable. “In the wake of a breach, we are going to ask questions and look at disclosures before and after an incident,” said Avakian.

The manual consists of a set of guidelines — 154 rules — which set out how the lawyers think international law can be applied to cyber warfare, covering everything from the use of cyber mercenaries to the targeting of medical units’ computer systems. The idea is that by making the law around cyberwarfare clearer, there is less risk of an attack escalating, because escalation often occurs when the rules are not clear and leaders over-react.

On July 6, 2017, after scanning the internet for publicly available Rsync services, Vickery discovered the PQE data, including both internal and client records. The records were secured two days later after Vickery contacted PQE, but prior to that anyone who connected to the IP and port directly could’ve downloaded the records for themselves. The files Vickery discovered included schematics that highlighted “potential weak points and trouble in customer electrical systems,” a report from UpGuard shared with Salted Hash explains.

350% more cybersecurity pros in Washington, D.C., area than rest of U.S.

Investors—especially angels and first round financiers—prefer to be close to their portfolio companies. Simply put, where there are VCs, there will be startups. […] While the D.C. metro area is long on cybersecurity talent, it’s short on cybersecurity product companies, according to a paper written by Ackerman and Janke. They say Beltway cyber experts lack the commercial DNA essential to commercialize market growth.

“The increase of commercial and private drones in the U.S. has raised our concerns with regards to safety and security of our installations,” Davis said. “Protecting our force remains a top priority, and that’s why DoD issued this very specific but classified policy, developed with the FAA and our inter-agency partners, that details how DoD personnel may counter the unmanned aircraft threat.”

Radio navigation set to make global return as GPS backup, because cyber

Since GPS signals from satellites are relatively weak, they are prone to interference, accidental or deliberate. And GPS can be jammed or spoofed—portable equipment can easily drown them out or broadcast fake signals that can make GPS receivers give incorrect position data. The same is true of the Russian-built GLONASS system. Over the past few years, the US Coast Guard has reported multiple episodes of GPS jamming at non-US ports, including an incident reported to the Coast Guard’s Navigation Center this June that occurred on the Black Sea.

An official says a British cybersecurity researcher remains jailed in Nevada, a day before he’s due to face charges in federal court in Milwaukee that he created and distributed malicious software designed to steal banking passwords. Southern Nevada Detention Center spokeswoman Kayla Gieni (DJEE’-nee) said Monday that 23-year-old Marcus Hutchins remains at the facility about 60 miles (96.5 kilometres) outside Las Vegas.

Malware as a Service (MaaS): Cyber criminals are selling individual pieces of malware on Dark Net marketplaces at a set cost, while others are providing a subscription-style service to the owners of the Crimepacks. Each subscriber has access to all new and updated malware developed for the duration of their subscription, which has been continuously tested against the latest defences from the security vendors who then confirm they are unable to detect it.

This paper considers the properties of cyber risk, discusses why the private market can fail to provide the socially optimal level of cybersecurity, and explores how systemic cyber risk interacts with other financial stability risks. Furthermore, this study examines the current regulatory frameworks and supervisory approaches, and identifies information asymmetries and other inefficiencies that hamper the detection and management of systemic cyber risk. The paper concludes by discussing policy measures that can increase the resilience of the financial system to systemic cyber risk.

The threats were attributed to an individual on Facebook known as “Brian Kil.” […] The investigation was complex, Minkler said, requiring more than 100 state and federal search warrants along with electronic surveillance, wiretapping and sophisticated computer forensics techniques. Minkler said more than 200 grand jury subpoenas were issued in an effort to find the “needle in a haystack.”

Although cyber threat information sharing is generally defined in terms of a broad set of activities, ranging from collecting, analyzing and distributing indicators of threats and compromise to education and awareness around cyber hygiene and response, not much consideration is given to the ability of the recipient to consume the information and react, commensurate with the maturity of its information security resources, security technologies and processes, more specifically, how the information impacts their ability to mitigate a cyber threat.

The guidelines are aimed at everyone involved in the manufacturing supply chain, from designers and engineers, to retailers and senior level executives. They include a series of key principles for use throughout the automotive sector, the CAV and ITS ecosystems and their supply chains – drawn up by The Department for Transport, in conjunction with Centre for the Protection of National Infrastructure (CPNI).

A privacy advocacy group has filed a formal complaint with the Federal Trade Commission, alleging that Hotspot Shield, a popular free VPN service, collects numerous pieces of data and intercepts traffic in contrast to the company’s claim that it provides “complete anonymity.” In its 14-page filing, which was submitted Monday morning, the Center for Democracy and Technology claims that the company displays persistent cookies and works with various other entities for advertising purposes, among other alleged unsavory practices.

“We discovered a wide array of critical vulnerabilities in ISP-provided, RDK-based wireless gateways and set-top boxes from vendors including Cisco, Arris, Technicolor, and Motorola. Our research shows that it was possible to remotely and wirelessly tap all Internet and voice traffic passing through the affected gateways, impacting millions of ISP customers.”

The number of emails carrying malware increased to a new high in July with one in every 359 emails carrying a malicious payload, according to Symantec’s July Intelligence Report. […] In July most email malware targeted the agricultural, forestry, mining and public administration industries with companies employing between 1 and 250 and 1,001 to 1,500 people being hit most often. […] Phishing emails are also hitting recent highs with one in every 1,968 emails falling into this category in July, up ever so slightly from the one in 1,975 emails in June, but well above the one in every 9,138 emails that was reported in March 2017. The mining industry was the most phished and was the top spam recipient, the report stated.

About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.